如何解决S3输入插件未读取AWS-KMSCMK加密存储桶
我正在按照以下配置运行带有s3管道的logstash容器:
input {
s3 {
id => "pipeline_s3_example_bucket_input"
bucket => "example-bucket"
region => "ap-southeast-1"
access_key_id => "#######################"
secret_access_key => "#######################"
codec => "json_lines"
sincedb_path => "/sincedbs/pipeline_s3_example_bucket.sincedb"
prefix => "folderA"
add_field => {
"type" => "example-bucket-logs"
"host" => "example-bucket"
}
}
}
我的s3存储桶使用自定义托管密钥通过AWS-KMS加密。我正在使用以下IAM策略让用户读取存储分区数据:
{
"Version": "2012-10-17","Statement": [
{
"Sid": "IAMPolicy","Effect": "Allow","Action": [
"s3:GetObject","kms:Decrypt","s3:GetBucketLogging","kms:GenerateDataKey","kms:DescribeKey","s3:GetObjectTagging","s3:ListBucket","s3:GetBucketVersioning","s3:GetBucketLocation","s3:GetObjectVersion"
],"Resource": [
"arn:aws:kms:ap-southeast-1:<account-id>:key/<Key-ID>","arn:aws:s3:::example-bucket","arn:aws:s3:::example-bucket/*"
]
}
]
}
我还在关键用户中添加了用户arn,我使用aws cli命令测试了访问权限,并且效果也很好。但是,logstash无法提取这些日志,我也看不到容器日志中的任何错误。如果其他人遇到过类似的问题,请提供帮助。
针对同一问题的弹性社区链接:https://discuss.elastic.co/t/s3-input-plugin-is-not-reading-aws-kms-cmk-encrypted-bucket/249439
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。